代码拉取完成,页面将自动刷新
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
# base on nginx 1.16.1
user nginx;
# worker_processes auto;
worker_processes 4;
error_log /var/log/nginx/error.log error;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
accept_mutex on;
use epoll;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$server_name" $server_port';
# 日志不立即写入磁盘,提高性能
access_log /var/log/nginx/access.log main buffer=32k flush=1m;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
gzip on;
gzip_min_length 2k;
gzip_comp_level 4;
gzip_types text/css text/xml image/gif image/jpeg application/javascript application/rss+xml text/plain image/png image/tiff image/x-icon image/x-ms-bmp image/svg+xml application/json;
gzip_vary on;
gzip_buffers 4 16k;
# gzip_http_version 1.0;
# 启用 Brotli 压缩,需要重新编译加入 Brotli 模块,可以与 gzip 共存,相对 gzip 压缩率更高,占用资源更少,不过只支持 https
brotli on;
brotli_static on; # 预压缩
brotli_min_length 2k;
brotli_comp_level 6; # 0-11
brotli_window 512k;
brotli_types text/css text/xml image/gif image/jpeg application/javascript application/rss+xml text/plain image/png image/tiff image/x-icon image/x-ms-bmp image/svg+xml application/json;
brotli_buffers 4 16k; # 最新版官方已经废弃忽略的选项
upstream wsgi-blogbackend {
ip_hash;
server 127.0.0.1:8002 max_fails=3 fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.blog.com;
# add_header X-Frame-Options "DENY";
if ($host != $server_name) { # 禁止IP访问,只能使用域名访问
return 400;
}
# 封禁爬虫
if ($http_user_agent ~* "^$|Baiduspider|Bytespider|EasouSpider|EtaoSpider|dotbot|Sougou|Scrapy|YisouSpider|bingbot|360Spider|Sogou web spider")
{
return 500;
}
location ~* \.(php|asp||aspx|jsp)$ {
return 500;
}
location /static {
root /home/workspace/blogproject;
# expires 30d;
if ($request_filename ~* .*\.(css|js|gif|jpg|jpeg|png|bmp|swf|svg)$)
{
expires 7d;
}
}
location /media { # 防止目录穿越, location 和 alias 都不加 /
alias /home/workspace/blogproject/uploads;
# expires 30d;
if ($request_filename ~* .*\.(css|js|gif|jpg|jpeg|png|bmp|swf|svg)$)
{
expires 7d;
}
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_pass http://wsgi-blogbackend;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $server_name;
proxy_intercept_errors on;
}
location = /favicon.ico {
access_log off; #关闭正常访问日志
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
if ( $request_uri ~ ^/favicon\.ico$ ) { #关闭favicon.ico 404错误日志
access_log off;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 80;
listen [::]:80;
server_name www.leffss.com;
add_header X-Frame-Options "DENY";
return 307 https://$host$request_uri;
}
upstream wsgi-backend {
ip_hash;
server 127.0.0.1:8000 max_fails=3 fail_timeout=0;
}
upstream asgi-backend {
ip_hash;
server 127.0.0.1:8001 max_fails=3 fail_timeout=0;
}
# Settings for a TLS enabled server.
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.leffss.com;
ssl_certificate "/etc/nginx/server.crt";
ssl_certificate_key "/etc/nginx/server.key";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # nginx支持TLSv1.3 但是好像系统openssl版本太低不支持
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 30m;
# http2_push_preload on; # http2 主动推送
# HSTS 31536000 one year
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "DENY";
# Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
# location /static/ {
# alias /home/workspace/devops/static/;
# expires 1h;
# }
# location /media/ {
# alias /home/workspace/devops/media/;
# expires 1h;
# }
# 【=】模式: location = path,此种模式优先级最高(但要全路径匹配)
# 【^~】模式:location ^~ path,此种模式优先级第二高于正则;
# 【~ or ~*】模式:location ~ path,正则模式,优先级第三,【~】正则匹配区分大小写,【~*】正则匹配不区分大小写;
# 【path】模式: location path,中间什么都不加,直接跟路径表达式;
# location = /uri = 开头表示精确匹配,只有完全匹配上才能生效。最高优先级。
# location ^~ /uri ^~ 开头对URL路径进行前缀匹配,并且在正则之前。
# location ~ pattern ~ 开头表示区分大小写的正则匹配。
# location ~* pattern ~* 开头表示不区分大小写的正则匹配。
# !~和!~* 分别为区分大小写不匹配及不区分大小写不匹配的正则
# location /uri 不带任何修饰符,也表示前缀匹配,但是在正则匹配之后。
# location / 通用匹配,任何未匹配到其它location的请求都会匹配到,相当于switch中的default。
#location ~* .*\.(css|js|gif|jpg|jpeg|png|bmp|swf|svg)$ {
# expires 30d;
#}
if ($host != $server_name) { # 禁止IP访问,只能使用域名访问
return 400;
}
# 封禁爬虫
if ($http_user_agent ~* "^$|Baiduspider|Bytespider|EasouSpider|EtaoSpider|dotbot|Sougou|Scrapy|YisouSpider|bingbot|360Spider|Sogou web spider")
{
return 500;
}
location ^~ /admin {
return 500;
}
location ~* \.(php|asp||aspx|jsp)$ {
return 500;
}
location ~* ^/(media|static) {
root /home/workspace/devops;
# expires 30d;
if ($request_filename ~* .*\.(css|js|gif|jpg|jpeg|png|bmp|swf|svg)$)
{
expires 7d;
}
}
location /ws {
try_files $uri @proxy_to_ws;
}
location @proxy_to_ws {
proxy_pass http://asgi-backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $server_name;
proxy_intercept_errors on; #获取后端错误码并处理
recursive_error_pages on;
}
location / {
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_pass http://wsgi-backend;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $server_name;
proxy_intercept_errors on;
recursive_error_pages on;
}
location = /favicon.ico {
access_log off; #关闭正常访问日志
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
if ( $request_uri ~ ^/favicon\.ico$ ) { #关闭favicon.ico 404错误日志
access_log off;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手
